Description
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
A flaw was found in the Lua interpreter. This flaw allows an attacker who can have a malicious script executed by the interpreter to cause a use-after-free issue that may result in a sandbox escape.
Report
This flaw does not affect versions of Lua shipped with Red Hat Enterprise Linux 6, 7, or 8; the vulnerable code was introduced in a subsequent version of Lua.
Mitigation
Ensure that the Lua interpreter runs only trusted scripts.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | lua | Not affected | | |
Red Hat Enterprise Linux 7 | lua | Not affected | | |
Red Hat Enterprise Linux 8 | libreoffice:flatpak/lua | Not affected | | |
Red Hat Enterprise Linux 8 | lua | Not affected | | |
Red Hat JBoss Core Services | lua | Not affected | | |
Red Hat Enterprise Linux 9 | lua | Fixed | RHSA-2023:0957 | 28.02.2023 |
Red Hat Enterprise Linux 9.0 Extended Update Support | lua | Fixed | RHSA-2023:1211 | 14.03.2023 |
Additional information
Status:
EPSS
CVSS3: 7 High